How to use the plaso.containers.events.EventData class in plaso

To help you get started, we’ve selected a few plaso examples, based on popular ways it is used in public projects.


github log2timeline / plaso / plaso / parsers / sqlite_plugins / firefox.py View on Github external
"""Firefox bookmark folder event data.

  Attributes:
    title (str): title of the bookmark folder.
  """

  DATA_TYPE = 'firefox:places:bookmark_folder'

  def __init__(self):
    """Initializes event data.

    Hands the class-level DATA_TYPE ('firefox:places:bookmark_folder') to the
    parent initializer and declares title with a None placeholder.
    """
    super(FirefoxPlacesBookmarkFolderEventData, self).__init__(
        data_type=self.DATA_TYPE)
    # Documented on the class as the title of the bookmark folder; None until
    # a value is assigned by whatever creates the event.
    self.title = None


class FirefoxPlacesBookmarkEventData(events.EventData):
  """Firefox bookmark event data.

  Attributes:
    host (str): visited hostname.
    places_title (str): places title.
    title (str): title of the bookmark folder.
    type (int): bookmark type.
    url (str): bookmarked URL.
    visit_count (int): visit count.
  """

  DATA_TYPE = 'firefox:places:bookmark'

  def __init__(self):
    """Initializes event data."""
    super(FirefoxPlacesBookmarkEventData, self).__init__(
github log2timeline / plaso / plaso / parsers / chrome_preferences.py View on Github external
Attributes:
    message (str): message.
  """

  DATA_TYPE = 'chrome:preferences:extensions_autoupdater'

  def __init__(self):
    """Initializes event data.

    Hands the class-level DATA_TYPE
    ('chrome:preferences:extensions_autoupdater') to the parent initializer
    and declares message with a None placeholder.
    """
    super(ChromeExtensionsAutoupdaterEventData, self).__init__(
        data_type=self.DATA_TYPE)
    # TODO: refactor this into something more descriptive.
    # NOTE(review): "message" is a free-form string; what it contains is
    # decided by the parser, which is not part of this excerpt.
    self.message = None


class ChromeExtensionInstallationEventData(events.EventData):
  """Chrome Extension event data.

  Describes one extension installation record taken from the Chrome
  preferences, identified by DATA_TYPE
  'chrome:preferences:extension_installation'.

  Attributes:
    extension_id (str): extension identifier.
    extension_name (str): extension name.
    path (str): path.
  """
  # NOTE(review): extension_id, extension_name and path are the fields an
  # analyst would compare against an allow-list of approved extensions when
  # triaging a browser profile; all three come from the parsed preferences
  # file and should be treated as untrusted text when rendered.

  DATA_TYPE = 'chrome:preferences:extension_installation'

  def __init__(self):
    """Initializes event data.

    Hands DATA_TYPE to the parent initializer and declares the attributes
    with None placeholders.
    """
    super(ChromeExtensionInstallationEventData, self).__init__(
        data_type=self.DATA_TYPE)
    self.extension_id = None
    # NOTE(review): the class docstring also lists "path", but no assignment
    # to self.path is visible in this excerpt - confirm against the full file.
    self.extension_name = None
github log2timeline / plaso / plaso / parsers / xchatscrollback.py View on Github external
from __future__ import unicode_literals

import pyparsing

from dfdatetime import posix_time as dfdatetime_posix_time

from plaso.containers import events
from plaso.containers import time_events
from plaso.lib import definitions
from plaso.parsers import logger
from plaso.parsers import manager
from plaso.parsers import text_parser


class XChatScrollbackEventData(events.EventData):
  """XChat Scrollback line event data.

  Holds the fields of a single scrollback line, identified by DATA_TYPE
  'xchat:scrollback:line'.

  Attributes:
    nickname (str): nickname.
    text (str): text of the line, as sent by the nickname or by service
        messages (TODO confirm the exact scope against the parser).
  """
  # NOTE(review): both attributes carry content written by chat participants,
  # so they are untrusted input from the analyst's point of view. Output
  # modules that render them (HTML, spreadsheets) should escape them rather
  # than assume they are plain text - verify in the formatter.

  DATA_TYPE = 'xchat:scrollback:line'

  def __init__(self):
    """Initializes event data.

    Hands DATA_TYPE to the parent initializer and declares both attributes
    with None placeholders.
    """
    super(XChatScrollbackEventData, self).__init__(data_type=self.DATA_TYPE)
    self.nickname = None
    self.text = None
github log2timeline / plaso / plaso / parsers / winreg_plugins / mrulist.py View on Github external
import abc

from dtfabric.runtime import data_maps as dtfabric_data_maps

from plaso.containers import events
from plaso.containers import time_events
from plaso.lib import definitions
from plaso.lib import errors
from plaso.parsers import logger
from plaso.parsers import winreg
from plaso.parsers.shared import shell_items
from plaso.parsers.winreg_plugins import dtfabric_plugin
from plaso.parsers.winreg_plugins import interface


class MRUListEventData(events.EventData):
  """MRUList event data attribute container.

  Carries the most recently used (MRU) entries read from one Windows
  Registry key, identified by DATA_TYPE 'windows:registry:mrulist'.

  Attributes:
    entries (str): most recently used (MRU) entries.
    key_path (str): Windows Registry key path.
  """
  # NOTE(review): entries is a single string, so how several MRU entries are
  # joined is decided by the plugin that fills it - not visible here.

  DATA_TYPE = 'windows:registry:mrulist'

  def __init__(self):
    """Initializes event data.

    Hands DATA_TYPE to the parent initializer and declares both attributes
    with None placeholders.
    """
    super(MRUListEventData, self).__init__(data_type=self.DATA_TYPE)
    self.entries = None
    # Keeps the originating key alongside the entries so a timeline row can be
    # traced back to its Registry location.
    self.key_path = None
github log2timeline / plaso / plaso / parsers / sqlite_plugins / skype.py View on Github external
username (str): full name of the Skype account holder and display name.
  """

  DATA_TYPE = 'skype:event:account'

  def __init__(self):
    """Initialize event data.

    Hands the class-level DATA_TYPE ('skype:event:account') to the parent
    initializer and declares every attribute with a None placeholder.
    """
    super(SkypeAccountEventData, self).__init__(data_type=self.DATA_TYPE)
    # NOTE(review): country, display_name, email and username describe the
    # account holder, i.e. personal data; exported timelines that include
    # this data type should be handled accordingly.
    self.country = None
    self.display_name = None
    self.email = None
    # Meaning of offset is not shown in this excerpt - TODO confirm.
    self.offset = None
    self.username = None


class SkypeSMSEventData(events.EventData):
  """Skype SMS event data.

  Describes one SMS sent through Skype, identified by DATA_TYPE
  'skype:event:sms'.

  Attributes:
    number (str): phone number where the SMS was sent.
    text (str): text (SMS body) that was sent.
  """
  # NOTE(review): number and text are message content taken from the parsed
  # database: personal data, and untrusted text for any output module that
  # renders it.

  DATA_TYPE = 'skype:event:sms'

  def __init__(self):
    """Initialize event data.

    Hands DATA_TYPE to the parent initializer and declares both attributes
    with None placeholders.
    """
    super(SkypeSMSEventData, self).__init__(data_type=self.DATA_TYPE)
    self.number = None
    self.text = None

github log2timeline / plaso / plaso / parsers / sqlite_plugins / chrome_cookies.py View on Github external
from __future__ import unicode_literals

from dfdatetime import webkit_time as dfdatetime_webkit_time

from plaso.containers import events
from plaso.containers import time_events
from plaso.lib import definitions
# Register the cookie plugins.
from plaso.parsers import cookie_plugins  # pylint: disable=unused-import
from plaso.parsers import sqlite
from plaso.parsers.cookie_plugins import manager as cookie_plugins_manager
from plaso.parsers.sqlite_plugins import interface


class ChromeCookieEventData(events.EventData):
  """Chrome Cookie event data.

  Attributes:
    cookie_name (str): name of the cookie.
    host (str): hostname of host that set the cookie value.
    httponly (bool): True if the cookie cannot be accessed through client
        side script.
    path (str): path where the cookie got set.
    persistent (bool): True if the cookie is persistent.
    secure (bool): True if the cookie should only be transmitted over a
        secure channel.
    url (str): URL or path where the cookie got set.
    data (str): value of the cookie.
  """

  DATA_TYPE = 'chrome:cookie:entry'
github log2timeline / plaso / plaso / parsers / mac_keychain.py View on Github external
def __init__(self):
    """Initializes event data.

    Hands the class-level DATA_TYPE to the parent initializer and declares
    every attribute of the keychain internet record with a None placeholder.
    """
    super(KeychainInternetRecordEventData, self).__init__(
        data_type=self.DATA_TYPE)
    self.account_name = None
    self.comments = None
    self.entry_name = None
    self.protocol = None
    # NOTE(review): the application-record class in this file documents
    # ssgp_hash as a password/certificate hash in hexadecimal; presumably the
    # same applies here. Treat output containing it as credential-derived
    # material - confirm against the class docstring.
    self.ssgp_hash = None
    self.text_description = None
    self.type_protocol = None
    # Meaning of "where" is not shown in this excerpt - TODO confirm.
    self.where = None


# TODO: merge with KeychainInternetRecordEventData.
class KeychainApplicationRecordEventData(events.EventData):
  """MacOS keychain application password record event data.

  Attributes:
    account_name (str): name of the account.
    comments (str): comments added by the user.
    entry_name (str): name of the entry.
    ssgp_hash (str): password/certificate hash formatted as an hexadecimal
        string.
    text_description (str): description.
  """

  DATA_TYPE = 'mac:keychain:application'

  def __init__(self):
    """Initializes event data."""
    super(KeychainApplicationRecordEventData, self).__init__(
github log2timeline / plaso / plaso / parsers / winreg_plugins / lfu.py View on Github external
# -*- coding: utf-8 -*-
"""Plug-in to collect the Less Frequently Used Keys."""

from __future__ import unicode_literals

from plaso.containers import events
from plaso.containers import time_events
from plaso.containers import windows_events
from plaso.lib import definitions
from plaso.parsers import winreg
from plaso.parsers.winreg_plugins import interface


class WindowsBootExecuteEventData(events.EventData):
  """Windows Boot Execute event data attribute container.

  Carries the BootExecute Registry value together with the key it was read
  from, identified by DATA_TYPE 'windows:registry:boot_execute'.

  Attributes:
    key_path (str): Windows Registry key path.
    value (str): boot execute value, contains the value obtained from
        the BootExecute Registry value.
  """
  # NOTE(review): BootExecute names programs that the Session Manager runs
  # early during boot, so a value that differs from the system default is
  # commonly reviewed as a persistence indicator. The string itself comes
  # from the examined system and is untrusted when rendered.

  DATA_TYPE = 'windows:registry:boot_execute'

  def __init__(self):
    """Initializes event data.

    Hands DATA_TYPE to the parent initializer and declares both attributes
    with None placeholders.
    """
    super(WindowsBootExecuteEventData, self).__init__(
        data_type=self.DATA_TYPE)
    self.key_path = None
    self.value = None
github log2timeline / plaso / plaso / parsers / winreg_plugins / winrar.py View on Github external
# -*- coding: utf-8 -*-
"""This file contains a WinRAR history Windows Registry plugin."""

from __future__ import unicode_literals

import re

from plaso.containers import events
from plaso.containers import time_events
from plaso.lib import definitions
from plaso.parsers import winreg
from plaso.parsers.winreg_plugins import interface


class WinRARHistoryEventData(events.EventData):
  """WinRAR history event data attribute container.

  Carries the archive history entries read from one Windows Registry key,
  identified by DATA_TYPE 'winrar:history'.

  Attributes:
    entries (str): archive history entries.
    key_path (str): Windows Registry key path.
  """
  # NOTE(review): entries is a single string, so how several history entries
  # are joined is decided by the plugin that fills it - not visible here.
  # Archive names recorded by the archiver are often reviewed when
  # investigating data staging; the values are untrusted text when rendered.

  DATA_TYPE = 'winrar:history'

  def __init__(self):
    """Initializes event data.

    Hands DATA_TYPE to the parent initializer and declares both attributes
    with None placeholders.
    """
    super(WinRARHistoryEventData, self).__init__(data_type=self.DATA_TYPE)
    self.entries = None
    self.key_path = None
github log2timeline / plaso / plaso / parsers / firefox_cache.py View on Github external
import collections
import re
import os

from dfdatetime import posix_time as dfdatetime_posix_time

from plaso.containers import events
from plaso.containers import time_events
from plaso.lib import errors
from plaso.lib import definitions
from plaso.parsers import dtfabric_parser
from plaso.parsers import logger
from plaso.parsers import manager


class FirefoxCacheEventData(events.EventData):
  """Firefox cache event data.

  Attributes:
    data_size (int): size of the cached data.
    fetch_count (int): number of times the cache entry was fetched.
    frequency (int): ???
    info_size (int): size of the metadata.
    location (str): ???
    request_method (str): HTTP request method.
    request_size (int): HTTP request byte size.
    response_code (int): HTTP response code.
    url (str): URL of original content.
    version (int): cache format version.
  """

  DATA_TYPE = 'firefox:cache:record'